DANEnet Round Table: Viruses and Spyware


1 DANEnet Round Table: Viruses and Spyware

2 Definition of a computer virus:
-A computer program that is designed to replicate itself by copying itself into the other programs stored in a computer. It may be benign or have a negative effect, such as causing a program to operate incorrectly or corrupting a computer's memory.
-Sometimes called Malware, meaning malicious software; a broad term for all types of Viruses and Spyware.
-Computer viruses are called viruses because they share some of the traits of biological viruses:
  -passing from computer to computer like a biological virus passes from person to person.
  -a computer virus must piggyback on top of some other program or document in order to get executed. Once it is running, it is then able to infect other programs or documents.

3 Different Types of Viruses/Methods of Infection:
-Classic Viruses - A virus is a small piece of software that attaches itself to real programs or documents or hides deep in floppies and hard drives. For example, a virus might attach itself to a program such as Microsoft Excel (a macro virus) using a popular scripting language known as Visual Basic.
-Classic viruses are not as common anymore because floppy disks are rarely used and boot sectors are now protected. Also, Microsoft Office has come a long way in blocking this malicious code from running when an Office document is opened.
-examples: W97M.Melissa, WM.NiceDay, W97M.Groov; .EXE or .vbs

4 Different Types of Viruses/Methods of Infection:
-E-mail viruses - An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's address book. Included are Virus Hoaxes, warning of bogus virus attacks with hopes of spreading panic on the internet. File attachments in e-mail messages are a common way of infecting a computer, provided the user clicks on the attachment.
-examples: Love Bug/ILOVEYOU (.VBS), MYDOOM, SOBIG, Good Times (hoax), Melissa (Word Macro attacking NORMAL.DOT then using Outlook to spread)
-.bat, .com, .exe, .scr, .pif and .shs

5 Different Types of Viruses/Methods of Infection:
-Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, all the while clogging the internet with useless traffic.
-examples: W32.Mydoom, W32.Netsky, W32.Klez, SLAMMER (a single 376 byte file plugs internet servers in just 15 mins. in 2003)

6 Different Types of Viruses/Methods of Infection:
-Trojan horses - A Trojan horse is simply a computer program which claims to do one thing (it may claim to be a game or a newly released album) but instead does damage when you run it. It may erase your hard disk, send your credit card numbers and passwords to a stranger, or let that stranger hijack your computer to commit other attacks elsewhere. Trojan horses have no way to replicate automatically.
-Files downloaded from file-sharing services such as Kazaa or Gnutella are particularly suspicious, because Peer-to-Peer (P2P) file-sharing services are regularly used to spread Trojan horse programs.
-examples: Readme.txt.exe, Trojan.Vundo, Trojan.ByteVerify

7 Spyware (also known as Adware)/Methods of Infection:
-Spyware/adware - a category of computer programs that attach themselves to your operating system in nefarious ways. They can suck the life out of your computer's processing power. Typical tactics include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information such as credit card numbers); monitoring of Web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites. According to recent estimates, more than two-thirds of all personal computers are infected with some kind of spyware/adware.
-examples: Hotbar, Intelligent Explorer, CoolWebSearch, 180solutions, browser hijackers, pop-up ads from your web browser

8 Dealing with Macro Viruses:
-Close Preview Pane - Some viruses have taken advantage of a vulnerability between Outlook/Outlook Express and Internet Explorer. With this vulnerability, some viruses can launch just by viewing them in the Preview Pane. To be safe, the Preview Pane can be turned off (under the View Menu) but be prepared for user complaints.
-Open in WordPad - Open any strange Word documents that you receive by e-mail or on disk in WordPad first. They won't open properly and the first 30 or more lines will be code garbage, but in the middle you'll find most of the text of the file, enough to check whether it's a genuine file that you need to open the proper way.
-High Macro Security - Unless needed for particular applications (old Access databases, for example) make sure Macro security is set to High (Tools menu > Macro > Security). Modern versions of Word will inform you that a document contains a macro and offer you the option "Disable Macros" before opening. Always choose this option without fail. You can always open the document a second time, with macros enabled, once you've established that it's a genuine document and you need the macros to run.

9 Dealing with Viruses:
-NO DOUBLE CLICKING!! - always be aware of which attachments are being opened when you double-click within the e-mail message. Saving the suspect file somewhere to examine is a safer solution. A virus must be executed (double-clicked) to be activated, so saving a file to disk, even a virus, will not launch an attack.
-View True File Extension - Many people have learned that text files (.TXT) and image files (.GIF, .JPG, etc.) are safe to launch because they are data and not executable software. They have learned to be leery of .exe, .vbs and other extensions that are executed immediately. Thus, virus writers try to trick more people using double extensions, so "I LOVE YOU.TXT.vbs" is really not a .txt file, but a .vbs file, a Visual Basic Script that is executed immediately.
-Stop it at the Gateway - ask your ISP about virus scanning at your mail server; catching viruses BEFORE they get to the Desktop. If you run your own mail server (Microsoft Exchange, for example) install Gateway Security software for Exchange.
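
The "View True File Extension" and "Stop it at the Gateway" advice above can be combined into a filename check run on incoming mail. This is an added example, not part of the original slides: the function names and the sample message are constructed for illustration, and the decoy list extends the slide's .TXT/.GIF/.JPG with a few assumed data types.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the slides list as launching immediately on Windows.
EXECUTABLE = {".bat", ".com", ".exe", ".scr", ".pif", ".shs", ".vbs"}
# Data types users have learned to trust: .txt/.gif/.jpg are from the slide,
# .jpeg/.doc/.pdf are assumptions added for this example.
DECOY = {".txt", ".gif", ".jpg", ".jpeg", ".doc", ".pdf"}


def extensions(filename):
    """Return every extension in the name, lower-cased, in order."""
    # Windows ignores trailing dots and spaces, so "a.vbs. " still runs as .vbs.
    name = filename.strip().rstrip(". ").lower()
    # Strip padding inside the name too: "report.txt      .exe" pushes the
    # real extension off the right edge of a narrow attachment column.
    return ["." + p.strip() for p in name.split(".")[1:] if p.strip()]


def classify(filename):
    """Return 'ok', 'executable' or 'double-extension' for one attachment name."""
    exts = extensions(filename)
    if not exts or exts[-1] not in EXECUTABLE:
        return "ok"
    if len(exts) >= 2 and exts[-2] in DECOY:
        return "double-extension"
    return "executable"


def scan_message(raw):
    """Classify every attachment in a raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [(part.get_filename() or "", classify(part.get_filename() or ""))
            for part in msg.iter_attachments()]


def build_sample():
    """Constructed test message; the attachment bodies are harmless placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("I LOVE YOU.TXT.vbs", "photo.jpg", "report.txt   .exe", "setup.exe"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {name!r}")
```

A filename check only covers the naming trick; it complements, and does not replace, the gateway virus scanning the slide recommends.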

10 Dealing with Viruses:

11 Dealing with Trojan Horse Viruses:
-Mind What You Download - NEVER download blindly from people or sites which you aren't 100% sure about.
-Mind What You Command - Never type commands that others tell you to type, or go to web addresses mentioned by strangers, or run pre-fabricated programs or scripts (not even popular ones). If you do so, you are potentially trusting a stranger with control over your computer, which can lead to trojan infection or other serious harm.

12 Dealing with Spyware/Adware:
-Trust Lavasoft - Ad-Aware by Lavasoft is the most recommended Spyware/Adware removal program available - plus it's FREE. Some removal utilities, even ones that cost money, are in fact spyware applications themselves.
-Scan, Remove, Repeat - Run Lavasoft's Ad-Aware tool a few times to be sure the computer is Spyware free.
-Add/Remove - use the Add/Remove control panel to rid the computer of helper applications; applications not part of the standard office suite of software.
-Limited Access - unless a user absolutely needs to install software or an application requires it, do NOT give users Administrative rights over their own computers. If software needs to be installed, an Administrator should log on, install the software, then log back off. In some rare cases, a user must be granted temporary Administrative rights so software is installed properly. After testing the software, remove the user from the administrative group.
-Block pop-up windows - either upgrade to Windows XP SP2 (Service Pack 2) or switch to Mozilla/Firefox to allow pop-up blocking.

17 Antivirus Software: Scheduled Maintenance
-Keep Virus Definitions Up-to-date - whether managed or standalone, verify virus definitions are being kept up to date. Definitions should be no more than two weeks old.
-Setup Auto Scan - all antivirus software should be able to perform a routine system scan for viruses at least once a week. Set this scan (which takes at least 20 mins.) when the computer is on but the user is away (during lunch or a weekly staff meeting).
-Review and Delete Quarantined Files - Files caught by antivirus software are stored in a quarantined area so they can be cleaned if deemed important. However, 99% of the files which end up in the quarantined area are obvious viruses and should be deleted as these files will soon take up large amounts of hard drive space.
